North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Denial of service attacks apparently from UUNET Netblocks

  • From: Charles Sprickman
  • Date: Tue Oct 07 01:25:06 1997

I would not be surprised if the caller's phone number were logged, most
modern modem banks talk ANIS and DNIS, which if I'm remembering correctly
is basically caller ID.  I'm thinking of putting this on our POP, as there
doesn't seem to be an extra charge to get the data from the telco.

Charles

~~~~~~~~~					~~~~~~~~~~~
Charles Sprickman 				Internet Channel
INCH System Administration Team			(212)243-5200
[email protected]					[email protected]

On Mon, 6 Oct 1997, Phil Howard wrote:

> Date: Mon, 6 Oct 1997 21:30:11 -0500 (CDT)
> From: Phil Howard <[email protected]>
> To: [email protected]
> Cc: [email protected]
> Subject: Re: Denial of service attacks apparently from UUNET Netblocks
> 
> Steve Mansfield writes...
> 
> [snip snip snip]
> 
> > S'okay.  Have the feds subpoena UUNET for the connect logs for these
> > max'es.  UUNET keeps the logs and is capable, given the exact time of the
> > attack(s), of going through the logs, identifying exactly who it was, and
> > if it's one of their customers, giving the personal info to the feds.
> > If it's a reseller's customer, they can get the user info and forward it to
> > the reseller and inform the feds who they need to talk to for the personal
> > info.  Whoever it was is as good as nailed.
> 
> Unless it was a stolen account.  With more and more "naive" users coming
> online, the chance of this kind of thing happening is greater and greater.
> You can shut off the account.  Feds can visit the home of whoever owns the
> account.  They can even be blocked from ever getting any account at any
> ISP for life.  But if this possibility is fact, you won't have the perp
> and they can attack again.
> 
> Now if the telco has records of all the phone calls you can find out where
> the calls actually came from.  Maybe that's the perp.  Maybe not.
> 
> What is ultimately needed is some better real time detection of this kind
> of thing sufficiently deployed so that it is present on all routers where
> the exposure exists.  You may not catch the perp, but you might reduce the
> damage it causes.
> 
> How to encourage this to be done is left as an exercise for the reader.
> 
> -- 
> Phil Howard  +-------------------------------------------------------------+
> KA9WGN       | House committee changes freedom bill to privacy invasion !! |
> phil at      | more info:  http://www.news.com/News/Item/0,4,14180,00.html |
> milepost.com +-------------------------------------------------------------+
>